package cn.easytogo.interceptor;

import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.apache.struts2.StrutsStatics;

import cn.easytogo.bean.Resource;
import cn.easytogo.bean.User;
import cn.easytogo.service.IResourceDAO;
import cn.easytogo.service.IUserDAO;
import cn.easytogo.util.ConfigUtil;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

public class LoginInterceptor extends AbstractInterceptor {
	private static List<Resource> resouceList = new ArrayList<Resource>();//权限系统中的所有资源
	private IUserDAO userDAO;
	private IResourceDAO resourceDAO;
	private String outcludeActions="";
	@Override
	public String intercept(ActionInvocation arg0) throws Exception {
		Map<String, Object> session = ActionContext.getContext().getSession();
		User user = (User) session.get(ConfigUtil.getConfigByName("session_name"));
		String[] outcludeActionArray = new String[1];
		if(outcludeActions!=null){
			outcludeActionArray = outcludeActions.split(",");
		}
		String actionName = arg0.getAction().getClass().getSimpleName();
		for (String s : outcludeActionArray) {//如果是不需要权限验证的几个Action,跳过
			if(s.equals(actionName)){
				return arg0.invoke();
			}
		}
		if(user==null||user.getId()==null){//如果没有登录,转到登陆页面
			String guestUsername=ConfigUtil.getConfigByName("guest_user");
			if(guestUsername!=null&&!"".equals(guestUsername)){//如果有设置默认使用浏览账户,自动登录
				User logUser = userDAO.findUserByUserName(guestUsername);
				logUser.setResources(resourceDAO.selectResourcesByUser(logUser));
				session.put(ConfigUtil.getConfigByName("session_name"), logUser);
				user = logUser;
			}else{//否则,提示用户自行登录
				return "need_login";
			}
		}
		ActionContext actionContext = arg0.getInvocationContext();
		HttpServletRequest request= (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);
		String requestUrl = request.getRequestURI().substring(request.getContextPath().length()+1);//获取要访问的路径
		if(resouceList==null||resouceList.isEmpty()){
			resouceList = resourceDAO.selectAllResources();
		}
		List<Resource> userResources = user.getResources();//用户权限内的所有资源
		for(Resource r:resouceList){//遍历权限系统中的所有资源,(如果不在其中,不做拦截)
			if(r.getUrl()!=null&&r.getUrl().startsWith(requestUrl)){
				for (Resource ur : userResources) {//如果访问的路径在用户所属权限资源中,通过
					if(ur.getUrl()!=null&&ur.getUrl().startsWith(requestUrl)){
						return arg0.invoke();
					}
				}
				return "need_authority";//否则,跳转到权限不足提示页面
			}
		}
		return arg0.invoke();
	}
	public String getOutcludeActions() {
		return outcludeActions;
	}
	public void setOutcludeActions(String outcludeActions) {
		this.outcludeActions = outcludeActions;
	}
	public IResourceDAO getResourceDAO() {
		return resourceDAO;
	}
	public void setResourceDAO(IResourceDAO resourceDAO) {
		this.resourceDAO = resourceDAO;
	}
	public IUserDAO getUserDAO() {
		return userDAO;
	}
	public void setUserDAO(IUserDAO userDAO) {
		this.userDAO = userDAO;
	}
	
}
